On Thu, Mar 4, 2010 at 2:56 AM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: > On Wednesday 2010-03-03 19:41, Balaji Venkatamohan wrote: >> >>I need to use regular expressions inside the point of decision match >>function. I could not use 'regex.h ' or any other standard C library >>inside any of xt_*.c or xt_c*.h files. I could also see that none of the >>netfilter match extensions have them. I would also like to know why is it >>so? Please refer to the source code of l7filter. http://l7-filter.sourceforge.net/ > > Regular expressions are not the cheapest, both time and memory-wise: > you have to keep in mind NF runs in irq context. Furthermore, since > you only see single packets rather than the connection stream, regexes > prove to be far less useful. REs are useful and cheapest in some conditions. -- Regards, Changli Gao(xiaosuo@xxxxxxxxx) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
